

Everything posted by mc19
Huge system slowdown (formatting => closed)
mc19 replied to mc19's topic in Malware Analysis and Removal

Sorry, I just listed what I saw in Task Manager under Processes. Here are the services I got with the command you gave me:

Les services Windows suivants ont été lancés :

   Agent SAP
   Aide et support
   Appel de procédure distante (RPC)
   Apple Mobile Device
   Assistance TCP/IP NetBIOS
   Audio Windows
   Centre de sécurité
   Client de suivi de lien distribué
   Client DHCP
   Client DNS
   Compatibilité avec le Changement rapide d'utilisateur
   Connexions réseau
   DSDM DDE réseau
   Détection matériel noyau
   Emplacement protégé
   Error Reporting Service
   Explorateur d'ordinateur
   Gestionnaire de comptes de sécurité
   Gestionnaire de connexions d'accès distant
   HID Input Service
   HTTP SSL
   Infrastructure de gestion Windows
   Intel® PROSet/Wireless Event Log
   Intel® PROSet/Wireless Registry Service
   Intel® PROSet/Wireless WiFi Service
   Journal des événements
   Lanceur de processus serveur DCOM
   Machine Debug Manager
   McAfee Anti-Spam Service
   McAfee Network Agent
   McAfee Personal Firewall Service
   McAfee Proxy Service
   McAfee Real-time Scanner
   McAfee Services
   McAfee SiteAdvisor Service
   McAfee SystemGuards
   Media Center Receiver Service
   Mises à jour automatiques
   NICCONFIGSVC
   NLA (Network Location Awareness)
   Notification d'événement système
   Pare-feu Windows / Partage de connexion Internet
   Planificateur de tâches
   Plug-and-Play
   Pml Driver HPZ12
   Serveur
   Service de la passerelle de la couche Application
   Service de restauration système
   Service Protocole EAP (Extensible Authentication Protocol)
   Services IPSEC
   Services Terminal Server
   Spouleur d'impression
   SSDP Discovery Service
   Station de travail
   Système d'événements de COM+
   Thèmes
   TuneUp Extension de thème
   TVersityMediaServer
   Téléphonie
   Windows Driver Foundation - User-mode Driver Framework
   Windows Time

La commande s'est terminée correctement.

As soon as I disabled O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE", the system seemed to run a little faster and to be less overloaded.
It is not the context menu that is bothering me, so why http://www.hotline-pc.org/menucontextuel.htm? The system overloads when I switch applications.
Huge system slowdown (formatting => closed)
mc19 replied to mc19's topic in Malware Analysis and Removal

Hello, I followed the various steps you explained to me. The system is more or less stable about 10 minutes after startup, and I have an internet connection again (!!). However, as soon as I switch applications the CPU goes up to 100% for several seconds, which freezes my laptop... I tried a defragmentation and it got worse. My system has become very sluggish. In Task Manager, I see that the system is using 32 processes, which seems abnormal to me; I myself only have 5 processes open, the local service 3 and the network service 2... I also ran a scan with Trojan Remover => nothing found, and with CCleaner I cleaned the temporary files. There, I have described all the remaining symptoms. Thank you again for all the time you have spent helping me solve my problem, THANK YOU!!
Huge system slowdown (formatting => closed)
mc19 replied to mc19's topic in Malware Analysis and Removal

So here is the log I got with HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:05, on 23.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\patrick leschot\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156079898312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159796243046
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8032 bytes

Thanks
Huge system slowdown (formatting => closed)
mc19 replied to mc19's topic in Malware Analysis and Removal

Hello, I have a CPU problem with my computer again. I was running the scan with Kaspersky and everything was going fine until my PC restarted, and now there is no internet connection (I restarted several times and nothing helps). It has also become very slow again, CPU going up to 100%, etc. The only thing I did before the scan was replace McAfee with AntiVir, that's all... (I am writing from my 2nd PC since I don't know how to re-enable my connection, even though the card is enabled)
Huge system slowdown (formatting => closed)
mc19 replied to mc19's topic in Malware Analysis and Removal

Hello, the two files you asked me to send to VirusTotal could not be found; the folders were empty. I have my latest ToolsCleaner report:

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\avenger.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\!Killbox: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\TB.txt: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\anti\LSPFix.exe: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\anti\ToolBarSD.exe: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\anti\Rsit.exe: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\anti\SDFIX: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\anti\Sdfix\SDFIX: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\Dossier Yann Autre\HijackThis: trouvé !
C:\Documents and Settings\patrick leschot\Bureau\Dossier Yann Autre\HijackThis\HijackThis.lnk: trouvé !
C:\Karcher\Combofix.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\patrick leschot\Bureau\anti\LSPFix.exe: supprimé !
C:\Documents and Settings\patrick leschot\Bureau\anti\ToolBarSD.exe: supprimé !
C:\Documents and Settings\patrick leschot\Bureau\Dossier Yann Autre\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\avenger.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\patrick leschot\Bureau\TB.txt: supprimé !
C:\Documents and Settings\patrick leschot\Bureau\anti\Rsit.exe: supprimé !
C:\Karcher\Combofix.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\!Killbox: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\patrick leschot\Bureau\anti\SDFIX: supprimé !
C:\Documents and Settings\patrick leschot\Bureau\Dossier Yann Autre\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

I am running ComboFix and will post again as soon as I have the log.

Here is the ComboFix log:

ComboFix 08-12-13.03 - patrick leschot 2008-12-18 17:41:43.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.521 [GMT 1:00]
Lancé depuis: c:\documents and settings\patrick leschot\Bureau\Karcher.exe
Commutateurs utilisés :: c:\documents and settings\patrick leschot\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\wt3d.ini
c:\temp\P2KT56.exe
c:\temp\REX81
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Host
c:\host\License.txt
c:\host\mvps.bat
c:\host\PrivacyPolicy.txt
c:\host\readme.txt
c:\program files\wt3d.ini
c:\temp\P2KT56.exe
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-18 au 2008-12-18 ))))))))))))))))))))))))))))))))))))
.

2015-03-12 19:36 . 2008-12-15 23:14 <REP> d-------- c:\program files\Rapidown
2008-12-18 17:19 . <REP> c:\windows\LastGood.Tmp
2008-12-15 23:19 . 2008-12-16 02:15 <REP> d-------- c:\program files\Power Defrag
2008-12-15 23:19 . 2008-12-15 23:19 796,672 --a------ c:\windows\GPInstall.exe
2008-12-15 23:19 . 2000-05-22 00:00 203,976 --a------ c:\windows\system32\richtx32.ocx
2008-12-15 22:51 . 2008-12-15 22:51 <REP> d-------- c:\program files\ToniArts
2008-12-14 15:06 . 2008-12-14 15:06 <REP> d--h----- c:\windows\system32\WLANProfiles
2008-12-14 15:06 . 2008-12-14 15:06 <REP> d--h----- C:\Settings
2008-12-14 15:06 . 2008-12-14 15:06 516 --a------ C:\Settings.ini
2008-12-14 13:33 . 2008-12-14 13:33 <REP> d-------- c:\program files\TweakXP 2
2008-12-14 13:33 . 2008-12-14 13:34 104 --a------ c:\windows\_vmtxp.ini
2008-12-13 23:07 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-12-13 23:07 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-12-13 23:07 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-12-13 23:07 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-12-13 23:07 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-12-13 23:06 . 2008-12-17 00:13 <REP> d-------- c:\program files\Trojan Remover
2008-12-13 23:06 . 2008-12-13 23:06 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Simply Super Software
2008-12-13 23:06 . 2008-12-13 23:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-12 23:50 . 2008-12-13 07:16 <REP> d-------- c:\documents and settings\patrick leschot\DoctorWeb
2008-12-12 21:50 . 2008-12-12 21:50 <REP> d-------- c:\temp\REX81
2008-12-11 19:09 . 2008-12-11 19:09 <REP> d-------- C:\Backups
2008-12-09 22:33 . 2008-12-09 22:33 <REP> d-------- c:\program files\Uniblue
2008-12-09 22:32 . 2008-12-09 22:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-09 18:06 . 2008-12-15 23:14 <REP> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Malwarebytes
2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-02 21:36 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 21:36 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-02 21:35 . 2008-12-08 23:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 21:07 . 2008-12-02 21:07 <REP> d-------- c:\program files\Enigma Software Group
2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\program files\burnatonce
2008-11-18 22:13 . 2008-11-18 22:17 <REP> d-------- c:\program files\IDoser v4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 23:01 --------- d-----w c:\documents and settings\patrick leschot\Application Data\MiniLyrics
2008-12-16 23:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-16 23:17 --------- d-----w c:\program files\Veoh Networks
2008-12-15 22:15 --------- d-----w c:\documents and settings\patrick leschot\Application Data\UseNeXT
2008-12-15 22:15 --------- d-----w c:\documents and settings\patrick leschot\Application Data\Azureus
2008-12-15 22:14 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-15 22:14 --------- d-----w c:\program files\MP3 Splitter & Joiner Pro
2008-12-15 22:14 --------- d-----w c:\program files\i386
2008-12-15 22:14 --------- d-----w c:\program files\Amor Photo Downloader
2008-12-15 21:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 20:09 --------- d-----w c:\program files\eMule
2008-12-14 19:08 --------- d-----w c:\program files\Trend Micro
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 23:04 --------- d-----w c:\program files\ma-config.com
2008-12-12 07:56 --------- d-----w c:\program files\McAfee
2008-12-09 21:45 --------- d-----w c:\program files\NCSoft
2008-12-08 20:59 --------- d-----w c:\program files\SpeedFan
2008-12-08 20:43 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-02 21:46 --------- d-----w c:\program files\GemMasterFrench
2008-11-28 23:02 --------- d-----w c:\program files\DivX
2008-10-31 20:19 --------- d-----w c:\program files\ATI Technologies
2008-10-31 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-10-27 17:15 --------- d-----w c:\program files\WinLemm
2008-10-24 14:42 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-24 12:49 --------- d-----w c:\documents and settings\patrick leschot\Application Data\Atari
2008-10-24 12:47 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-24 12:10 --------- d-----w c:\program files\Fichiers communs\PocketSoft
2008-10-24 12:02 --------- d-----w c:\program files\Atari
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-24 10:20 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2006-11-04 19:01 2,995,368 ----a-w c:\documents and settings\patrick leschot\SVGView.exe
2008-08-10 14:21 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-07-04 20:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070420080705\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-11-26 141640]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MoneyPen.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MoneyPen.lnk
backup=c:\windows\pss\MoneyPen.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 17:33 155648 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-12-16 19:26 376912 c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2005-08-31 12:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:34 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 18:24 684032 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-24 09:20 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 14:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Safely Remove]
--a------ 2008-07-29 11:17 3256320 c:\program files\USB Safely Remove\USBSafelyRemove.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Service de Media Center Extender
"3390:TCP"= 3390:TCP:Services Media Center à distance

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822107a6-9438-11db-8d92-001422ea6527}]
\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - 0217971229617230MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23]

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-18 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
FF - ProfilePath - c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=
FF - plugin: c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 17:49:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(4012)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe
c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\netdde.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-18 18:11:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-18 17:09:29

Avant-CF: 21'313'638'400 octets libres
Après-CF: 21,285,253,120 octets libres

321 --- E O F --- 2008-12-17 18:46:41
Huge system slowdown (reformat => closed)
mc19 replied to a topic by mc19 in Malware analysis and removal
Here I am, finally posting; I didn't have access to my laptop at the start of this week. I got this log with ComboFix:

ComboFix 08-12-13.03 - patrick leschot 2008-12-15 17:11:53.7 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.482 [GMT 1:00] Lancé depuis: c:\documents and settings\patrick leschot\Bureau\Karcher.exe Commutateurs utilisés :: c:\documents and settings\patrick leschot\Bureau\CFScript.txt * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 )))))))))))))))))))))))))))))))))))) . 2015-03-12 19:36 . 2007-10-24 19:14 <REP> d-------- c:\program files\Rapidown 2008-12-14 15:06 . 2008-12-14 15:06 <REP> d--h----- c:\windows\system32\WLANProfiles 2008-12-14 15:06 . 2008-12-14 15:06 <REP> d--h----- C:\Settings 2008-12-14 15:06 . 2008-12-14 15:06 516 --a------ C:\Settings.ini 2008-12-14 13:33 . 2008-12-14 13:33 <REP> d-------- c:\program files\TweakXP 2 2008-12-14 13:33 . 2008-12-14 13:34 104 --a------ c:\windows\_vmtxp.ini 2008-12-13 23:07 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll 2008-12-13 23:07 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll 2008-12-13 23:07 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll 2008-12-13 23:07 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll 2008-12-13 23:07 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll 2008-12-13 23:06 . 2008-12-13 23:07 <REP> d-------- c:\program files\Trojan Remover 2008-12-13 23:06 . 2008-12-13 23:06 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Simply Super Software 2008-12-13 23:06 . 2008-12-13 23:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2008-12-12 23:50 . 2008-12-13 07:16 <REP> d-------- c:\documents and settings\patrick leschot\DoctorWeb 2008-12-12 21:50 . 
2008-12-12 21:50 <REP> d-------- c:\windows\system32\wER 2008-12-12 21:50 . 2008-12-12 21:51 <REP> d-------- c:\windows\system32\TB 2008-12-12 21:50 . 2008-12-12 21:50 <REP> d-------- c:\temp\REX81 2008-12-12 21:50 . 2008-12-12 21:50 97,163 --a------ c:\temp\P2KT56.exe 2008-12-11 19:09 . 2008-12-11 19:09 <REP> d-------- C:\Backups 2008-12-09 22:33 . 2008-12-09 22:33 <REP> d-------- c:\program files\Uniblue 2008-12-09 22:32 . 2008-12-09 22:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-12-09 18:06 . 2008-12-10 22:46 <REP> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Malwarebytes 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-02 21:36 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-02 21:36 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-02 21:35 . 2008-12-08 23:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-02 21:12 . 2008-12-08 20:21 <REP> d-------- C:\Host 2008-12-02 21:07 . 2008-12-02 21:07 <REP> d-------- c:\program files\Enigma Software Group 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046} 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\program files\burnatonce 2008-11-18 22:13 . 2008-11-18 22:17 <REP> d-------- c:\program files\IDoser v4 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-14 20:09 --------- d-----w c:\program files\eMule 2008-12-14 19:08 --------- d-----w c:\program files\Trend Micro 2008-12-14 12:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-12 23:04 --------- d-----w c:\program files\ma-config.com 2008-12-12 07:56 --------- d-----w c:\program files\McAfee 2008-12-09 21:45 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-09 21:45 --------- d-----w c:\program files\NCSoft 2008-12-08 20:59 --------- d-----w c:\program files\SpeedFan 2008-12-08 20:43 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-04 23:39 --------- d-----w c:\documents and settings\patrick leschot\Application Data\MiniLyrics 2008-12-02 21:46 --------- d-----w c:\program files\GemMasterFrench 2008-11-28 23:02 --------- d-----w c:\program files\DivX 2008-11-03 18:07 --------- d-----w c:\program files\Veoh Networks 2008-10-31 20:19 --------- d-----w c:\program files\ATI Technologies 2008-10-31 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2008-10-27 17:15 --------- d-----w c:\program files\WinLemm 2008-10-24 14:42 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-24 12:49 --------- d-----w c:\documents and settings\patrick leschot\Application Data\Atari 2008-10-24 12:47 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll 2008-10-24 12:10 --------- d-----w c:\program files\Fichiers communs\PocketSoft 2008-10-24 12:02 --------- d-----w c:\program files\Atari 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-24 10:20 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-10-16 
13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 21:47 --------- d-----w c:\program files\Satellite TV for PC 2008-10-15 21:44 --------- d-----w c:\documents and settings\patrick leschot\Application Data\TVU Networks 2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w 
c:\windows\system32\libdivx.dll 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys 2006-11-04 19:01 2,995,368 ----a-w c:\documents and settings\patrick leschot\SVGView.exe 2006-02-03 20:36 251 ----a-w c:\program files\wt3d.ini 2008-08-10 14:21 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-07-04 20:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070420080705\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-07-29 3256320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-11-26 141640] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program 
files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "msacm.ac3filter"= ac3filter.acm "msacm.avis"= ff_acm.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MoneyPen.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MoneyPen.lnk backup=c:\windows\pss\MoneyPen.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2004-09-13 17:33 155648 c:\program files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] --a------ 2002-12-16 19:26 376912 c:\program files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] --a------ 2005-08-31 12:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2004-12-06 02:05 127035 c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 
2005-02-23 17:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2004-02-24 09:20 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-06-10 11:44 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 11:44 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 14:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Service de Media Center Extender "3390:TCP"= 3390:TCP:Services Media Center à distance [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822107a6-9438-11db-8d92-001422ea6527}] \Shell\AutoRun\command - H:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . 
Contenu du dossier 'Tâches planifiées' 2008-12-12 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23] 2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2008-12-15 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23] 2008-11-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] . . ------- Examen supplémentaire ------- . uStart Page = www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll FF - ProfilePath - c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\ FF - prefs.js: browser.search.defaulturl - 
hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q= FF - plugin: c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-15 17:20:29 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1172) c:\windows\system32\Ati2evxx.dll c:\program files\AlienGUIse\fastload.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(3240) c:\program files\McAfee\SiteAdvisor\saHook.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\McAfee\SiteAdvisor\McSACore.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe c:\program files\McAfee\VirusScan\Mcshield.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MSK\msksrver.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\netdde.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\TVersity\Media Server\MediaServer.exe c:\windows\ehome\McrdSvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\dllhost.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\progra~1\McAfee\MSC\mcuimgr.exe . ************************************************************************** . 
Heure de fin: 2008-12-15 17:39:38 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-15 16:38:54 Avant-CF: 21'483'163'648 octets libres Après-CF: 21,456,154,624 octets libres 308 --- E O F --- 2008-12-11 14:38:42

I have cleared out some of my services, but not enough yet (still 40 processes open!). I don't really know which ones to disable or not, even with the help of the site you gave me. I also cleaned up XP, defragmented it and turned off file indexing. I still have to replace McAfee with Antivir and run the scan you asked for. The Java update, on the other hand, is giving me a few small problems: I had to download the update from Sun's site, but when I try to install it, the installer starts and then stays frozen on "starting the installation" (I left it for ~1 h). I will finish doing what you asked me to do and will post the results again. -
Huge system slowdown (reformat => closed)
mc19 replied to a topic by mc19 in Malware analysis and removal
Here is the DirLook report:

DirLook.exe v2.0 by jpshortstuff Log created at 16:43 on 14/12/2008 ================================== Contents of "c:\documents and settings\patrick leschot\Application Data\drivers" Unable to find directory. ================================== =EOF=

And here is the ComboFix report:

ComboFix 08-12-13.03 - patrick leschot 2008-12-14 17:03:18.6 - NTFSx86 DSREPAIR Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.510 [GMT 1:00] Lancé depuis: c:\documents and settings\patrick leschot\Bureau\Karcher.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\temp\1cb c:\temp\1cb\syscheck.log c:\windows\system32\wugyinlv.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 )))))))))))))))))))))))))))))))))))) . 2015-03-12 19:36 . 2007-10-24 19:14 <REP> d-------- c:\program files\Rapidown 2008-12-14 15:06 . 2008-12-14 15:06 <REP> d--h----- c:\windows\system32\WLANProfiles 2008-12-14 15:06 . 2008-12-14 15:06 <REP> d--h----- C:\Settings 2008-12-14 15:06 . 2008-12-14 15:06 516 --a------ C:\Settings.ini 2008-12-14 13:33 . 2008-12-14 13:33 <REP> d-------- c:\program files\TweakXP 2 2008-12-14 13:33 . 2008-12-14 13:34 104 --a------ c:\windows\_vmtxp.ini 2008-12-13 23:07 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll 2008-12-13 23:07 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll 2008-12-13 23:07 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll 2008-12-13 23:07 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll 2008-12-13 23:07 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll 2008-12-13 23:06 . 2008-12-13 23:07 <REP> d-------- c:\program files\Trojan Remover 2008-12-13 23:06 . 2008-12-13 23:06 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Simply Super Software 2008-12-13 23:06 . 
2008-12-13 23:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2008-12-12 23:50 . 2008-12-13 07:16 <REP> d-------- c:\documents and settings\patrick leschot\DoctorWeb 2008-12-12 21:50 . 2008-12-12 21:50 <REP> d-------- c:\windows\system32\wER 2008-12-12 21:50 . 2008-12-12 21:51 <REP> d-------- c:\windows\system32\TB 2008-12-12 21:50 . 2008-12-12 21:50 <REP> d-------- c:\temp\REX81 2008-12-12 21:50 . 2008-12-12 21:50 97,163 --a------ c:\temp\P2KT56.exe 2008-12-11 21:59 . 2008-12-12 08:55 <REP> d-------- C:\ComboFix 2008-12-11 19:31 . 2008-12-11 19:35 <REP> d-------- C:\ToolBar SD 2008-12-11 19:09 . 2008-12-11 19:09 <REP> d-------- C:\Backups 2008-12-11 17:20 . 2008-12-11 17:21 <REP> d-------- C:\rsit 2008-12-09 22:33 . 2008-12-09 22:33 <REP> d-------- c:\program files\Uniblue 2008-12-09 22:32 . 2008-12-09 22:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-12-09 18:06 . 2008-12-10 22:46 <REP> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Malwarebytes 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-02 21:36 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-02 21:36 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-02 21:35 . 2008-12-08 23:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-02 21:12 . 2008-12-08 20:21 <REP> d-------- C:\Host 2008-12-02 21:07 . 2008-12-02 21:07 <REP> d-------- c:\program files\Enigma Software Group 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046} 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\program files\burnatonce 2008-11-18 22:13 . 
2008-11-18 22:17 <REP> d-------- c:\program files\IDoser v4 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-14 12:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-12 23:04 --------- d-----w c:\program files\ma-config.com 2008-12-12 07:56 --------- d-----w c:\program files\McAfee 2008-12-09 21:45 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-09 21:45 --------- d-----w c:\program files\NCSoft 2008-12-09 18:34 --------- d-----w c:\program files\eMule 2008-12-08 20:59 --------- d-----w c:\program files\SpeedFan 2008-12-08 20:43 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-04 23:39 --------- d-----w c:\documents and settings\patrick leschot\Application Data\MiniLyrics 2008-12-02 21:46 --------- d-----w c:\program files\GemMasterFrench 2008-11-28 23:02 --------- d-----w c:\program files\DivX 2008-11-03 18:07 --------- d-----w c:\program files\Veoh Networks 2008-10-31 20:19 --------- d-----w c:\program files\ATI Technologies 2008-10-31 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2008-10-27 17:15 --------- d-----w c:\program files\WinLemm 2008-10-24 14:42 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-24 12:49 --------- d-----w c:\documents and settings\patrick leschot\Application Data\Atari 2008-10-24 12:10 --------- d-----w c:\program files\Fichiers communs\PocketSoft 2008-10-24 12:02 --------- d-----w c:\program files\Atari 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 10:20 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-15 21:47 --------- d-----w c:\program files\Satellite TV for PC 2008-10-15 21:44 --------- d-----w c:\documents and settings\patrick leschot\Application Data\TVU Networks 2006-11-04 19:01 2,995,368 ----a-w c:\documents and settings\patrick 
leschot\SVGView.exe 2006-02-03 20:36 251 ----a-w c:\program files\wt3d.ini 2008-08-10 14:21 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-07-04 20:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070420080705\index.dat . ((((((((((((((((((((((((((((( snapshot_2008-12-11_20.26.18.64 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIXT\ERDNT.EXE + 2008-12-11 18:24:20 12,840,960 ----a-w c:\windows\ERUNT\SDFIXT\Users\00000001\ntuser.dat + 2008-12-11 18:24:20 49,152 ----a-w c:\windows\ERUNT\SDFIXT\Users\00000002\UsrClass.dat - 2008-12-11 18:53:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-14 09:47:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-11 18:53:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-12-14 09:47:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-12-14 09:47:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-07-29 3256320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-11-26 141640] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "msacm.ac3filter"= ac3filter.acm "msacm.avis"= ff_acm.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] 
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MoneyPen.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MoneyPen.lnk backup=c:\windows\pss\MoneyPen.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2004-09-13 17:33 155648 c:\program files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] --a------ 2002-12-16 19:26 376912 c:\program files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] --a------ 2005-08-31 12:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2004-12-06 02:05 127035 c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 17:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2004-02-24 09:20 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-06-10 11:44 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 11:44 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 14:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program 
Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Service de Media Center Extender "3390:TCP"= 3390:TCP:Services Media Center à distance [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822107a6-9438-11db-8d92-001422ea6527}] \Shell\AutoRun\command - H:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contenu du dossier 'Tâches planifiées' 2008-12-12 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23] 2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2008-12-14 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23] 2008-11-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] . . ------- Examen supplémentaire ------- . 
uStart Page = www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll FF - ProfilePath - c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q= FF - plugin: c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program 
files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-14 17:24:09 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1196) c:\windows\system32\Ati2evxx.dll c:\program files\AlienGUIse\fastload.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(4048) c:\program files\McAfee\SiteAdvisor\saHook.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\McAfee\SiteAdvisor\McSACore.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe c:\program files\McAfee\VirusScan\Mcshield.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MSK\msksrver.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\netdde.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\ehome\RMSvc.exe c:\windows\ehome\McrdSvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\dllhost.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\progra~1\McAfee\MSC\mcuimgr.exe . ************************************************************************** . Heure de fin: 2008-12-14 17:42:46 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-14 16:41:47 ComboFix2.txt 2008-12-12 19:07:54 ComboFix3.txt 2008-12-12 08:54:55 ComboFix4.txt 2008-03-23 11:45:18 Avant-CF: 13'973'422'080 octets libres Après-CF: 13,975,662,592 octets libres 296 --- E O F --- 2008-12-11 14:38:42

When I look in Task Manager -> Performance: 58 processes open + CPU usage = 98-100%, why?? Yet I have nothing very resource-hungry that should be running, but my usual processes climb very high. Examples:
- svchost.exe (10x) = 3948-26432 KB
- explorer.exe = 11992 KB
- ZCfgSvc.exe = 9328 KB
- services.exe = 4100 KB
- WLKEEPER.exe = 5220 KB
- aawservice.exe = 1632 KB
- AppleMobileDeviceService.exe = 2672 KB
- Ati2evxx.exe (2x) = 2836-5088 KB
- Atiptaxx = 5712 KB
- Calmain.exe = 3172 KB
- csrss.exe = 4404 KB
- dllhost.exe = 6784 KB
- ehrecvr.exe = 5232 KB
- mcmacsvc.exe = 5312 KB
- MpfSrv.exe = 5132 KB
- NBService.exe = 7156 KB
- ...

Almost all my processes exceed 1000 or even 2000 KB of memory usage (4 services below 1000 KB: System Idle Process, mcagent.exe, System, smss.exe; + 4 services below 2000 KB: aawservice.exe, lsass.exe, wbload.exe, McProxy.exe). I don't know whether this can help you (I don't really think so), but I just wanted to point it out. A problem in the registry that could have thrown all these processes off? A registry infection? -
Huge system slowdown (formatted => closed)
mc19 replied to a topic by mc19 in Malware analysis and eradication
Good evening, after about 23 hours of scanning I got the following report:

maconfservice.exe c:\program files\ma-config.com Probablement BACKDOOR.Trojan Irréparable.Supprimé.
Combo-Fix.exe\32788R22FWJFW\C.bat C:\Documents and Settings\patrick leschot\Bureau\Combo-Fix.exe Probablement BATCH.Virus
Combo-Fix.exe\32788R22FWJFW\psexec.cfexe C:\Documents and Settings\patrick leschot\Bureau\Combo-Fix.exe Program.PsExec.171
Combo-Fix.exe C:\Documents and Settings\patrick leschot\Bureau L'archive contient des éléments infectés Quarantaine.
Process.exe C:\Documents and Settings\patrick leschot\Bureau\Sdfix\SDFix\apps Tool.Prockill Quarantaine.

But explorer.exe is still very slow at startup, the taskbar is still just as slow at startup, and the processes still use an enormous amount of memory whereas before they did not even use half of that... well, there you go, I think I have said everything. Thank you for the time you are spending to help me solve my problem. -
Huge system slowdown (formatted => closed)
mc19 replied to a topic by mc19 in Malware analysis and eradication
I finally managed to restart my PC, but startup was very slow (~20 min), and I also had to go through Task Manager, close explorer.exe and relaunch it (twice)... so I managed to retrieve the second Combo-Fix log, here it is:

ComboFix 08-12-11.04 - patrick leschot 2008-12-12 19:33:09.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.484 [GMT 1:00] Lancé depuis: c:\documents and settings\patrick leschot\Bureau\Combo-Fix.exe Commutateurs utilisés :: c:\documents and settings\patrick leschot\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\776E78A033.sys c:\windows\system32\g15.exe c:\windows\system32\ocntlsdl.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\776E78A033.sys c:\windows\system32\g15.exe c:\windows\system32\ocntlsdl.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 )))))))))))))))))))))))))))))))))))) . 2015-03-12 19:36 . 2007-10-24 19:14 <REP> d-------- c:\program files\Rapidown 2008-12-11 21:59 . 2008-12-12 08:55 <REP> d-------- C:\ComboFix 2008-12-11 19:31 . 2008-12-11 19:35 <REP> d-------- C:\ToolBar SD 2008-12-11 17:20 . 2008-12-11 17:21 <REP> d-------- C:\rsit 2008-12-10 00:35 . 2008-12-10 00:43 1,393 --a------ c:\windows\imsins.BAK 2008-12-09 22:33 . 2008-12-09 22:33 <REP> d-------- c:\program files\Uniblue 2008-12-09 22:32 . 2008-12-09 22:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-12-09 18:06 . 2008-12-10 22:46 <REP> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Malwarebytes 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-02 21:36 . 
2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-02 21:36 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-02 21:35 . 2008-12-08 23:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-02 21:12 . 2008-12-08 20:21 <REP> d-------- C:\Host 2008-12-02 21:07 . 2008-12-02 21:07 <REP> d-------- c:\program files\Enigma Software Group 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046} 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\program files\burnatonce 2008-11-18 22:13 . 2008-11-18 22:17 <REP> d-------- c:\program files\IDoser v4 2008-11-13 03:08 . 2008-12-10 00:40 118 --a------ c:\windows\system32\MRT.INI 2008-11-13 01:48 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-13 01:47 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-12 07:56 --------- d-----w c:\program files\McAfee 2008-12-09 21:45 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-09 21:45 --------- d-----w c:\program files\NCSoft 2008-12-09 18:34 --------- d-----w c:\program files\eMule 2008-12-08 20:59 --------- d-----w c:\program files\SpeedFan 2008-12-08 20:43 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-04 23:39 --------- d-----w c:\documents and settings\patrick leschot\Application Data\MiniLyrics 2008-12-03 23:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-02 21:46 --------- d-----w c:\program files\GemMasterFrench 2008-11-28 23:02 --------- d-----w c:\program files\DivX 2008-11-03 18:07 --------- d-----w c:\program files\Veoh Networks 2008-10-31 20:19 --------- d-----w c:\program files\ATI Technologies 2008-10-31 19:17 --------- d-----w c:\program files\ma-config.com 2008-10-31 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2008-10-27 17:15 --------- d-----w c:\program files\WinLemm 2008-10-24 14:42 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-24 12:49 --------- d-----w c:\documents and settings\patrick leschot\Application Data\Atari 2008-10-24 12:10 --------- d-----w c:\program files\Fichiers communs\PocketSoft 2008-10-24 12:02 --------- d-----w c:\program files\Atari 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 10:20 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-15 21:47 --------- d-----w c:\program files\Satellite TV for PC 2008-10-15 21:44 --------- d-----w c:\documents and settings\patrick leschot\Application Data\TVU Networks 2008-10-13 16:23 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor 2008-10-12 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-10-12 16:24 --------- d-----w c:\documents and 
settings\patrick leschot\Application Data\Nero 2008-10-12 16:12 --------- d-----w c:\program files\Fichiers communs\Nero 2008-10-12 15:39 --------- d-----w c:\program files\Nero 2008-10-12 15:36 --------- d-----w c:\program files\Windows Sidebar 2008-10-12 13:59 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2006-11-04 19:01 2,995,368 ----a-w c:\documents and settings\patrick leschot\SVGView.exe 2006-02-03 20:36 251 ----a-w c:\program files\wt3d.ini 2008-08-10 14:21 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-07-04 20:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070420080705\index.dat . ((((((((((((((((((((((((((((( snapshot_2008-12-11_20.26.18.64 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-11 18:53:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-12 12:48:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-11 18:53:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-12-12 12:48:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-12-12 12:48:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-12 18:47:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_fb4.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491] "USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-07-29 3256320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-11-26 141640] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "msacm.ac3filter"= ac3filter.acm "msacm.avis"= ff_acm.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP 
Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MoneyPen.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MoneyPen.lnk backup=c:\windows\pss\MoneyPen.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2004-09-13 17:33 155648 c:\program files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] --a------ 2002-12-16 19:26 376912 c:\program files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] --a------ 2005-08-31 12:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2004-12-06 02:05 127035 c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 17:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2004-02-24 09:20 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM 
Startup] --a------ 2005-06-10 11:44 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 11:44 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 14:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "%windir%\\Network 
Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Service de Media Center Extender "3390:TCP"= 3390:TCP:Services Media Center à distance [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822107a6-9438-11db-8d92-001422ea6527}] \Shell\AutoRun\command - H:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contenu du dossier 'Tâches planifiées' 2008-12-12 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23] 2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2008-12-12 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23] 2008-11-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] . . ------- Examen supplémentaire ------- . 
uStart Page = www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll FF - ProfilePath - c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q= FF - plugin: c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program 
files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-12 19:42:42 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1184) c:\windows\system32\Ati2evxx.dll c:\program files\AlienGUIse\fastload.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(1420) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\eappprxy.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\ma-config.com\maconfservice.exe c:\program files\McAfee\SiteAdvisor\McSACore.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe c:\program files\McAfee\VirusScan\Mcshield.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\McAfee\MSK\msksrver.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\ehome\RMSvc.exe c:\windows\ehome\McrdSvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\progra~1\McAfee\MSC\mcuimgr.exe c:\windows\system32\dllhost.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\imapi.exe . ************************************************************************** . Heure de fin: 2008-12-12 20:07:30 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-12 19:06:12 ComboFix2.txt 2008-12-12 08:54:55 ComboFix3.txt 2008-03-23 11:45:18 Avant-CF: 13'367'234'560 octets libres Après-CF: 13,337,792,512 octets libres 299 --- E O F --- 2008-12-11 14:38:42 -
Huge system slowdown (format => closed)
mc19 replied to a topic by mc19 in Malware analysis and removal
Good evening... after carrying out the procedure mentioned in the previous post (which went normally), my PC restarted and now I can't get it back... the desktop does not display... still no safe mode... I don't know what to do to get back to normal... thanks in advance (this message is written from another computer) -
Huge system slowdown (format => closed)
mc19 replied to a topic by mc19 in Malware analysis and removal
Here is the ComboFix report:
ComboFix 08-12-11.04 - patrick leschot 2008-12-12 9:24:04.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.491 [GMT 1:00] Lancé depuis: c:\documents and settings\patrick leschot\Bureau\Combo-Fix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\InfoSat.txt c:\temp\gbRve12 c:\temp\vtmp2 c:\windows\system32\notepad.tmp c:\windows\system32\notepad.tmp2 c:\windows\Tasks\adfarupq.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 )))))))))))))))))))))))))))))))))))) . 2015-03-12 19:36 . 2007-10-24 19:14 <REP> d-------- c:\program files\Rapidown 2008-12-12 08:56 . 2008-12-12 08:56 <REP> d-------- c:\windows\LastGood.Tmp 2008-12-11 21:59 . 2008-12-12 08:55 <REP> d-------- C:\ComboFix 2008-12-11 19:31 . 2008-12-11 19:35 <REP> d-------- C:\ToolBar SD 2008-12-11 17:20 . 2008-12-11 17:21 <REP> d-------- C:\rsit 2008-12-10 00:35 . 2008-12-10 00:43 1,393 --a------ c:\windows\imsins.BAK 2008-12-09 22:33 . 2008-12-09 22:33 <REP> d-------- c:\program files\Uniblue 2008-12-09 22:32 . 2008-12-09 22:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-12-09 18:06 . 2008-12-10 22:46 <REP> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\patrick leschot\Application Data\Malwarebytes 2008-12-02 21:36 . 2008-12-02 21:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-02 21:36 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-02 21:36 . 
2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-02 21:35 . 2008-12-08 23:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-02 21:12 . 2008-12-08 20:21 <REP> d-------- C:\Host 2008-12-02 21:07 . 2008-12-02 21:07 <REP> d-------- c:\program files\Enigma Software Group 2008-12-02 18:57 . 2008-12-02 18:57 548,928 --a------ c:\windows\system32\ocntlsdl.exe 2008-12-02 18:57 . 2008-12-02 18:57 153,404 --a------ c:\windows\system32\g15.exe 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046} 2008-12-01 22:41 . 2008-12-01 22:47 <REP> d-------- c:\program files\burnatonce 2008-11-18 22:13 . 2008-11-18 22:17 <REP> d-------- c:\program files\IDoser v4 2008-11-13 03:08 . 2008-12-10 00:40 118 --a------ c:\windows\system32\MRT.INI 2008-11-13 01:48 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-13 01:47 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-12 07:56 --------- d-----w c:\program files\McAfee 2008-12-09 21:45 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-09 21:45 --------- d-----w c:\program files\NCSoft 2008-12-09 18:34 --------- d-----w c:\program files\eMule 2008-12-08 20:59 --------- d-----w c:\program files\SpeedFan 2008-12-08 20:43 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-04 23:39 --------- d-----w c:\documents and settings\patrick leschot\Application Data\MiniLyrics 2008-12-03 23:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-02 21:46 --------- d-----w c:\program files\GemMasterFrench 2008-11-28 23:02 --------- d-----w c:\program files\DivX 2008-11-03 18:07 --------- d-----w c:\program files\Veoh Networks 2008-10-31 20:19 --------- d-----w c:\program files\ATI Technologies 2008-10-31 19:17 --------- d-----w c:\program files\ma-config.com 2008-10-31 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2008-10-27 17:15 --------- d-----w c:\program files\WinLemm 2008-10-24 14:42 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-24 12:49 --------- d-----w c:\documents and settings\patrick leschot\Application Data\Atari 2008-10-24 12:10 --------- d-----w c:\program files\Fichiers communs\PocketSoft 2008-10-24 12:02 --------- d-----w c:\program files\Atari 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 10:20 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-15 21:47 --------- d-----w c:\program files\Satellite TV for PC 2008-10-15 21:44 --------- d-----w c:\documents and settings\patrick leschot\Application Data\TVU Networks 2008-10-13 16:23 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor 2008-10-12 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-10-12 16:24 --------- d-----w c:\documents and 
settings\patrick leschot\Application Data\Nero 2008-10-12 16:12 --------- d-----w c:\program files\Fichiers communs\Nero 2008-10-12 15:39 --------- d-----w c:\program files\Nero 2008-10-12 15:36 --------- d-----w c:\program files\Windows Sidebar 2008-10-12 13:59 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2006-11-04 19:01 2,995,368 ----a-w c:\documents and settings\patrick leschot\SVGView.exe 2006-02-03 20:36 251 ----a-w c:\program files\wt3d.ini 2008-08-10 14:21 104 --sh--r c:\windows\system32\776E78A033.sys 2008-08-10 14:21 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-07-04 20:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070420080705\index.dat . ((((((((((((((((((((((((((((( snapshot_2008-12-11_20.26.18.64 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-11 18:53:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-12 07:57:02 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-11 18:53:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-12-12 07:57:02 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-12-12 08:37:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8dc.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491] "USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-07-29 3256320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-11-26 141640] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll alteym.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "msacm.ac3filter"= ac3filter.acm "msacm.avis"= ff_acm.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu 
Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MoneyPen.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MoneyPen.lnk backup=c:\windows\pss\MoneyPen.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2004-09-13 17:33 155648 c:\program files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] --a------ 2002-12-16 19:26 376912 c:\program files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] --a------ 2005-08-31 12:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2004-12-06 02:05 127035 c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 17:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2004-02-24 09:20 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 22:12 49152 
c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-06-10 11:44 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 11:44 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 14:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Sony Ericsson\\Sony 
Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Service de Media Center Extender "3390:TCP"= 3390:TCP:Services Media Center à distance [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822107a6-9438-11db-8d92-001422ea6527}] \Shell\AutoRun\command - H:\setupSNK.exe *Newly Created Service* - 0325011229068618MCINSTCLEANUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contenu du dossier 'Tâches planifiées' 2008-11-28 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23] 2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2008-12-12 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23] 2008-11-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] . 
- - - - ORPHELINS SUPPRIMES - - - - SafeBoot-sglfb.sys SafeBoot-tga.sys MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6066\SiteAdv.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MSConfigStartUp-TkBellExe - c:\program files\RealMedia\Update_OB\realsched.exe MSConfigStartUp-Workflow - d:\installs\Workflow.exe . ------- Examen supplémentaire ------- . uStart Page = www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll FF - ProfilePath - c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q= FF - plugin: c:\documents and settings\patrick leschot\Application Data\Mozilla\Firefox\Profiles\wqx0ket5.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program 
files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-12 09:32:58 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1188) c:\windows\system32\Ati2evxx.dll c:\program files\AlienGUIse\fastload.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\ma-config.com\maconfservice.exe c:\program files\McAfee\SiteAdvisor\McSACore.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe c:\program files\McAfee\VirusScan\Mcshield.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\McAfee\MSK\msksrver.exe c:\windows\system32\netdde.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\ehome\RMSvc.exe c:\program files\TVersity\Media Server\MediaServer.exe c:\windows\system32\fxssvc.exe c:\windows\ehome\McrdSvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\progra~1\McAfee\MSC\mcuimgr.exe c:\windows\system32\dllhost.exe . ************************************************************************** . Heure de fin: 2008-12-12 9:53:48 - La machine a redémarré [patrick leschot] ComboFix-quarantined-files.txt 2008-12-12 08:52:50 ComboFix2.txt 2008-03-23 11:45:18 Avant-CF: 13,470,466,048 octets libres Après-CF: 13,443,133,440 octets libres 308 --- E O F --- 2008-12-11 14:38:42 -
Huge system slowdown (format => closed)
mc19 replied to a topic by mc19 in Malware analysis and removal
After another attempt to start Windows in safe mode, which therefore ended in failure. => I was not able to get an SDFix report. I decided to run the TOOLBAR-S&D search in Normal BOOT; here is the report I got:
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 2.13GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : patrick leschot ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:88 Go (Free:12 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 11.12.2008|19:32 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(patrick leschot) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(patrick leschot) - {a33fa729-d155-4b23-842b-2c665ecabdb6} => the_pirate_bay
(patrick leschot) - {89506680-e3f4-484c-a2c0-ed711d481eda} => showcase
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Home_Page"="http://www.euro.dell.com"
"Help_Page"="http://support.euro.dell.com"
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\srosa]
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\MathType 6.0c + Portable Version Incl Keygen
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\MathType 6.0c + Portable Version Incl Keygen\Instructions.txt
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\MathType 6.0c + Portable Version Incl Keygen\Keygen
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\Epocware[1].Handy.Converter.v1.01.UIQ3.SymbianOS9.Incl.Keygen-HSpda.zip
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\HeroCraft.Stolen.In.60.Seconds.v1.0.Multilanguage.UIQ.SymbianOS.Incl.Keygen-SyMPDA
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\keygen.exe
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\HeroCraft.Stolen.In.60.Seconds.v1.0.Multilanguage.UIQ.SymbianOS.Incl.Keygen-SyMPDA\sym-1928.zip
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\HeroCraft.Stolen.In.60.Seconds.v1.0.Multilanguage.UIQ.SymbianOS.Incl.Keygen-SyMPDA\sympda.nfo
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\MauMauUIQ3\Lonely.Cat.Games.Mau.Mau.v2.10.S60.SymbianOS.Keygen.exe
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\Mobile BlueTooth Hacking and Extras (AIO)\crack
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\Mobile BlueTooth Hacking and Extras (AIO)\crack\???????? ? ??????.reg
C:\DOCUME~1\PATRIC~1\Bureau\Dossier Yann Autre\w960i\pwervideo\Keygen.exe
1 - "C:\ToolBar SD\TB_1.txt" - 11.12.2008|19:35 - Option : [1]
-----------\\ Fin du rapport a 19:35:03.15 -
Huge system slowdown (format => closed)
mc19 replied to a topic by mc19 in Malware analysis and removal
So I downloaded rsit and I get the following reports:
Logfile of random's system information tool 1.04 (written by random/random) Run by patrick leschot at 2008-12-11 17:20:46 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 5 GB (5%) free of 91 GB Total RAM: 1023 MB (42% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:21:00, on 11.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\Program Files\AlienGUIse\wbload.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ma-config.com\maconfservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe 
c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\ehome\RMSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TVersity\Media Server\MediaServer.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe C:\Documents and Settings\patrick leschot\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\patrick leschot.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Créer un Favori de l'appareil mobile - 
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156079898312 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159796243046 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: wbsys.dll alteym.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple 
Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-- End of file - 11285 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\adfarupq.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-20 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-09-26 352256] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064] "MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe [2007-11-26 141640] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-24 401491] "USB Safely Remove"=C:\Program Files\USB Safely Remove\USBSafelyRemove.exe [2008-07-29 3256320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-12-16 376912] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe 
[2005-08-31 106496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-24 401491] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-06-10 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\RealMedia\Update_OB\realsched.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow] D:\Installs\Workflow.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MoneyPen.lnk] C:\PROGRA~1\MoneyPen\MoneyPen.exe [2005-08-29 126976] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="wbsys.dll alteym.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB] C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - 
C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NBF] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nbf.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sglfb.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tga.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoInstrumentation"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= 
"NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\emule\emule.exe"="C:\emule\emule.exe:*:Enabled:eMule" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager" "C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe"="C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe:*:Enabled:ChemBioDraw Ultra 11.0" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center" "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMuleMorphXT" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server" 
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822107a6-9438-11db-8d92-001422ea6527}]
shell\AutoRun\command - H:\setupSNK.exe

======List of files/folders created in the last 1 months======

2015-03-12 19:36:47 ----D---- C:\Program Files\Rapidown
2008-12-11 17:20:46 ----D---- C:\rsit
2008-12-11 15:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 15:21:15 ----D---- C:\WINDOWS\LastGood
2008-12-11 00:16:09 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-10 00:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:40:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:35:58 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 00:35:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 22:33:25 ----D---- C:\Program Files\Uniblue
2008-12-09 22:32:57 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-09 18:06:43 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2008-12-02 21:36:20 ----D---- C:\Documents and Settings\patrick leschot\Application Data\Malwarebytes
2008-12-02 21:36:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-02 21:35:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-02 21:12:37 ----D---- C:\Host
2008-12-02 21:07:55 ----D---- C:\Program Files\Enigma Software Group
2008-12-02 19:01:27 ----A---- C:\WINDOWS\system32\e3856c84-.txt
2008-12-02 18:57:24 ----A---- C:\WINDOWS\system32\ocntlsdl.exe
2008-12-02 18:57:22 ----A---- C:\WINDOWS\system32\g15.exe
2008-12-01 22:41:37 ----D---- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-12-01 22:41:18 ----D---- C:\Program Files\burnatonce
2008-11-18 22:13:11 ----D---- C:\Program Files\IDoser v4
2008-11-13 03:08:14 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-13 03:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-11 17:20:48 ----D---- C:\WINDOWS\Prefetch
2008-12-11 17:20:47 ----D---- C:\WINDOWS\Temp
2008-12-11 16:22:38 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2008-12-11 15:57:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 15:38:27 ----HD---- C:\WINDOWS\inf
2008-12-11 15:38:18 ----D---- C:\WINDOWS
2008-12-11 15:38:05 ----D---- C:\WINDOWS\system32
2008-12-11 15:20:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 15:18:12 ----D---- C:\Program Files\Mozilla Firefox
2008-12-11 15:17:24 ----D---- C:\WINDOWS\Registration
2008-12-11 00:20:23 ----HD---- C:\WINDOWS\system32\drivers
2008-12-10 07:37:54 ----SHD---- C:\WINDOWS\Installer
2008-12-10 07:37:51 ----D---- C:\Config.Msi
2008-12-10 07:37:11 ----A---- C:\WINDOWS\win.ini
2008-12-10 00:43:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 00:43:23 ----D---- C:\Program Files\Internet Explorer
2008-12-10 00:43:04 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 22:45:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 22:45:34 ----D---- C:\Program Files\NCSoft
2008-12-09 22:44:50 ----RD---- C:\Program Files
2008-12-09 22:34:05 ----RASH---- C:\boot.ini
2008-12-09 22:34:05 ----A---- C:\WINDOWS\system.ini
2008-12-09 19:34:50 ----D---- C:\Program Files\eMule
2008-12-09 03:27:39 ----D---- C:\VundoFix Backups
2008-12-08 21:59:42 ----D---- C:\Program Files\SpeedFan
2008-12-08 21:45:15 ----D---- C:\WINDOWS\system32\config
2008-12-08 21:44:33 ----D---- C:\WINDOWS\system32\wbem
2008-12-08 20:34:04 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-12-08 20:21:28 ----D---- C:\!KillBox
2008-12-08 19:35:58 ----D---- C:\Program Files\McAfee
2008-12-05 00:39:51 ----D---- C:\Documents and Settings\patrick leschot\Application Data\MiniLyrics
2008-12-04 00:34:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 22:46:24 ----D---- C:\Program Files\GemMasterFrench
2008-12-02 22:26:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 21:57:19 ----D---- C:\WINDOWS\Debug
2008-12-02 21:44:09 ----A---- C:\VundoFix.txt
2008-12-02 18:55:01 ----SD---- C:\WINDOWS\Tasks
2008-12-01 22:41:20 ----RSD---- C:\WINDOWS\Fonts
2008-11-29 00:02:00 ----D---- C:\Program Files\DivX
2008-11-28 19:49:54 ----D---- C:\Lyrics
2008-11-21 17:47:49 ----D---- C:\WINDOWS\Help
2008-11-16 13:54:09 ----SHD---- C:\System Volume Information
2008-11-15 22:00:58 ----D---- C:\WINDOWS\system32\Restore
2008-11-13 03:02:09 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 mfehidk;McAfee Inc.
mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-04-28 50816] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-01-27 17056] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2271] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; 
C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064] R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240] R3 mfesmfk;McAfee Inc. 
mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-06-16 63360] S1 nmwcdd;nmwcdd; C:\WINDOWS\System32\drivers\nmwcdd.sys [] S1 SuperMounter;SuperMounter; C:\WINDOWS\system32\drivers\SuperMounter.sys [] S3 a88mzzaa;a88mzzaa; C:\WINDOWS\system32\drivers\a88mzzaa.sys [] S3 avcbrxhl;avcbrxhl; C:\WINDOWS\system32\drivers\avcbrxhl.sys [] S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\catchme.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760] S3 ggsemc;Sony Ericsson USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2006-05-22 8704] S3 
HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832] S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 88688] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 18704] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys 
[2006-05-01 86560] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 90800] S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-09-14 58288] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-09-14 8336] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-09-14 94064] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-09-14 85408] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-09-14 83344] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S3 xemscan;XEMTEC OCR Scanner Driver (xemscan.sys); C:\WINDOWS\System32\Drivers\xemscan.sys [2003-05-19 23040] S3 zebrbus;Sony Ericsson Composite 
Device driver; C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-06-16 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-06-16 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-06-16 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-06-16 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-06-16 91264]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-02 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05
103424] R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016] R2 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-10-28 195752] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\McrdSvc.exe [2005-10-29 98304] R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096] R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264] R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160] R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521] R2 TVersityMediaServer;TVersityMediaServer; C:\Program 
Files\TVersity\Media Server\MediaServer.exe [2008-09-21 811008] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800] S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-25 654848] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity 
Solution\ServiceLayer.exe [2007-06-15 300544] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-24 355584] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF----------------- info.txt logfile of random's system information tool 1.04 2008-12-11 17:21:09 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe ACD/Labs Software in C:\ACDFREE10\-->C:\ACDFREE10\setup\setup.exe -uninstall Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop 
Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Contribute CS3-->MsiExec.exe /I{F84ADE4E-9220-4324-994D-801EDD9DD251} Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{69B6B4A5-1C4D-4F16-BB11-A4EB9A439116} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E} Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop 
CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A} Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} Adobe Setup-->MsiExec.exe /I{BE136F60-5D0F-4663-8B32-938A3EFD3FCB} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe SVG Viewer 6.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 6.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 6.0\Uninstall\Install.log Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} Ajouter ou supprimer Adobe Creative Suite 3 Web Premium-->C:\Program Files\Fichiers communs\Adobe\Installers\e7f691c6f2bf7b70c25ea19f3d73b6e\Setup.exe AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArgusLab-->MsiExec.exe 
/I{01D190D9-B876-48C1-BD5B-FE8247DDBE40} ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean AusLogics Disk Defrag-->"C:\Program Files\AusLogics Disk Defrag\unins000.exe" Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x040c -removeonly Broadcom Management Programs 2-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a burnatonce-->"C:\Program Files\burnatonce\unins000.exe" CambridgeSoft ChemOffice Ultra 2008-->C:\Program Files\InstallShield Installation Information\{F1482413-D644-45D4-8E2A-FBDCEC18142A}\setup.exe -runfromtemp -l0x0409 CambridgeSoft ChemScript 11.0-->MsiExec.exe /X{19D196C4-8D02-4CBF-AF49-7D40C73C2602} CambridgeSoft ENotebook 11.0-->C:\Program Files\InstallShield Installation Information\{09AE4FE6-9610-449C-A5DE-C78FCFEB8A41}\setup.exe -runfromtemp -l0x0409 Canon Camera Access Library-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1036 Canon Camera Support Core Library-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1036 Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F} Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe 
/M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D} Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7} Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D} CANON iMAGE GATEWAY Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5B03B93F-1B32-4509-9CA6-4BB33E9987EF} Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D0E8C34D-19D2-49FD-A900-88DEB788FF86} Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398} Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC} Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4} Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6} Canon ZoomBrowser EX (F)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} Cartes du Ciel-->"C:\Program Files\Ciel\Uninstall.exe" "C:\Program Files\Ciel\install.log" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe" CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" CEP - Color Enable Package-->"C:\WINDOWS\unins000.exe" Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" Composant Hmk-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Vidal\Communs\Hmk.isu" Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U 
-Idel5422k.inf Conseiller de mise à niveau Microsoft SQL Server 2005 (français)-->MsiExec.exe /I{BF76C80D-200E-4B0F-B72C-0EA3D960DBE7} Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B} Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354} Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" DFX 8 for Windows Media Player-->MsiExec.exe /I{c94b04c0-3a4c-4fd6-9414-e04a8e5b4d52} Digital Line Detect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe" Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe" eMulev0.49a.-MorphXTv11.0-->"C:\Program Files\eMule\unins000.exe" EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe" FileDownloader 1.21-->MsiExec.exe /I{6332BC91-C5FA-4E6F-AC94-47AB4A00F864} FMS-->C:\Program Files\FMS\Uninstall.exe GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe" Gestion de l'alimentation de la carte réseau 
interne-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x40c UNINSTALL APPDRVNT4 Gimp Pack Mode 2.4.2-->"C:\Program Files\Gimp Pack Mode\unins000.exe" Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe Iris-->C:\WINDOWS\unin040c.exe -fc:\iris\DeIsL1.isu -cc:\iris\_ISREG32.DLL iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe" 
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Ma-Config.com-->MsiExec.exe /X{49C3F7D7-215F-47D7-A93B-E9FC772A5E96} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Matroska Pack - Lazy Man's MKV 0.9.9-->"C:\Program Files\LD-Anime\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A} MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} Media Center Extender-->C:\WINDOWS\eHome\DvcConn.exe /uninstall Media Center Extender-->MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0} Medieval CUE Splitter-->MsiExec.exe /I{372668AA-CA3D-4D23-8B02-2BB339BB1868} Medieval CUE Splitter-->MsiExec.exe /I{E9A5B341-167D-4042-8854-46F671F94049} MestReC 4.7.0-->"C:\Program Files\MestRe-C\unins000.exe" mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National 
Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Outlook 2003 avec Gestionnaire de contacts professionnels (Mise à jour)-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A67} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9111040C-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Minilyrics(remove only)-->"C:\Program Files\Minilyrics\uninst-ml.exe" Mirar-->mshta.exe http://remove.getmirar.com/ Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 
(KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour 
Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP 
(KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} MOBILedit! 2.8-->RunDll32 C:\PROGRA~1\MOBILE~1\Setup\Setup.dll,RemoveOnly Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe MoneyPen 2.0-->MsiExec.exe /I{47C09BBC-470E-4507-8E62-463F9A243D53} Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Firefox (3.1b2)-->C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe MP3 Splitter & Joiner Pro 3.48-->"C:\Program Files\MP3 Splitter & Joiner Pro\unins000.exe" mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe 
/I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC} mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Netlog 24-->C:\WINDOWS\system32\Netlog24Uninstaller.exe Netlog Music Tool-->C:\WINDOWS\system32\netlogun.exe Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7} Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72} ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe" Otto-->"C:\Program Files\FrenchOtto\uninstallotto.exe" Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf Package de pilotes Windows - Nokia Modem (05/24/2007 
6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PeerTV 1.1.2-->"C:\Program Files\PeerTV\uninstall.exe" PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Pilote de stockage USB2 LaCie-->C:\WINDOWS\Drivers\LaCie\UNWISE.EXE C:\WINDOWS\Drivers\LaCie\INSTALL.LOG PixiePack Codec Pack-->MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10} PowerDVD 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Programme de désinstallation de McAfee-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm QuickSet-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x40c UNINSTALL APPDRVNT4 - ALL QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} QuizMaster 2.9-->"C:\Program Files\QuizMaster\unins000.exe" Radiotracker 3.0.47.0-->"C:\Program Files\Radiotracker\unins000.exe" Radiotracker-->MsiExec.exe /I{FF1BC44A-184A-4F12-9A99-B27AC3064174} RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x40c Security Update for CAPICOM 
(KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8} Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B} SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe" Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{5F1ECBFB-048E-406E-A7AB-A81F9E359961} Sony Ericsson PC Suite 1.20.224-->MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A} Sony Ericsson PC Suite 3.106.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x040c -removeonly Sony Ericsson PC Suite for Smartphones-->C:\WINDOWS\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe /uninstall Sony Ericsson PC Suite for Smartphones-->MsiExec.exe /I{E09936FE-9B7B-4AB5-B08A-A9216E0D042F} Sony Ericsson Symbian 9 Drivers-->C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u Theorie 11-->C:\thprog1b\UNINST.EXE TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} TVersity Codec Pack 1.2-->C:\Program 
Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.4 RC3-->C:\Program Files\TVersity\Media Server\uninst.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update Service-->C:\Program Files\Sony Ericsson\Update Service1\uninst.exe
USB Safely Remove 4.0 beta 6-->"C:\Program Files\USB Safely Remove\unins000.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Icon Pack v3 System Patch-->VIPuninstall.bat
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB905589-->"C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
Wolfram Mathematica 6-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{38D69F3E-823F-4203-989D-4D47227AF920}
XQDC X-Setup Pro 9.0.100-->"C:\Program Files\X-Setup Pro\unins000.exe"

=====HijackThis Backups=====

F3 - REG:win.ini: run="C:\Documents and Settings\patrick leschot\Application Data\Adobe\Manager.exe"
O4 - HKLM\..\Run: [cgoerkbhgdxsnbmg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cbhfqdbpcvzdb.dll"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ocntlsdl.exe DWmmm01FF
O4 - HKLM\..\Run: [e8a6a8fa] rundll32.exe "C:\WINDOWS\system32\wcvwilww.dll",b
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O3 - Toolbar: Mirar - {E6901F14-CE93-46FB-B768-6FE76D9EF2C4} - C:\WINDOWS\system32\winnk77.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O8 - Extra context menu item: Download with Rapget - C:\Program Files\RAPidshareGET\RapGet\rapget.htm
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O2 - BHO: banners4u browser enhancer - {D36A1581-8F9C-98AF-B7E1-E6CBE66CFC9F} - C:\WINDOWS\system32\cbhfqdbpcvzdb.dll
O4 - HKLM\..\Run: [cgoerkbhgdxsnbmg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cbhfqdbpcvzdb.dll"
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntlsdl.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O1 - Hosts: [Misc A - Z]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[siteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intuwave\Shared\mRouterRuntime
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"PYTHONPATH"=C:\Program Files\CambridgeSoft\ChemOffice2008\ChemScript 11\Lib;C:\Program Files\CambridgeSoft\ChemOffice2008\ChemScript\Lib
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"DEFAULT_CA_NR"=CA8

-----------------EOF-----------------
Huge system slowdown (reformatted => closed)
mc19 posted a topic in Analyses et éradication malwares
Hello,

For several days Windows has had trouble starting (a problem with explorer.exe). When it does manage to start, I get huge slowdowns, my desktop has changed appearance (font size, taskbar), and if I start safe mode, nothing happens: Windows stays stuck on a black screen. I ran a HijackThis log. Would it be possible to analyze it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:21, on 11.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ma-config.com\maconfservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\20b79cb341971b9a1c4b09d155a8fbfc\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156079898312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159796243046
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: wbsys.dll alteym.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-- End of file - 11368 bytes

My configuration is as follows:
Windows XP Media Center version 2002 SP3
Dell Inspiron 9300
Anti-virus: McAfee SecurityCenter

Thank you in advance.